The data breach involved an online application pertaining to the Financial Services Center (FSC), which was accessed by “unauthorized users to divert payments to community health care providers for the medical treatment of Veterans.”
The application was taken offline and the incident reported to VA’s Privacy Office.
An investigation into the incident has revealed that the hackers modified financial information once they were able to access the application. By using social engineering and exploiting authentication protocols, the attackers were then able to divert payments from the VA.